Antonio Cocomazzi @splinter_code
offensive security - windows internals | BlueSky: https://t.co/ytvJCoaF2c | Mastodon: https://t.co/hNIHa6L14d | splintercod3.blogspot.com | Italy | Joined August 2016
Tweets: 2K | Followers: 9K | Following: 324 | Likes: 3K
> A new Project Zero blog post by James Forshaw projectzero.google/2026/02/gphfh-… Me: Oh hey, I recognize this function! UIAccess + GetProcessHandleFromHwnd / NtUserGetWindowProcessHandle were the core of my CVE-2021-31951 EoP 😋 So some fixes leading to v3 actually date a bit earlier
@decoder_it breaks down reflection attacks and their impact on enterprise security in this new talk at #INSO26. Are you interested in how modern authentication flow works? So this talk is for you! Save your spot: ow.ly/cCr450Ykak4 #Infosec #INSO26 #CyberConference
Just dropped a short post on why some classic NTLM relay tricks seem to be dead on Server 2025. decoder.cloud/2026/02/25/wha…
Just published a summary of "modern" Windows authentication reflection attacks. Turns out reflection never really died. 😅 decoder.cloud/2025/11/24/ref…
Blog post about my recent CVE-2025-58726, aka “The Ghost Reflection” is out, read it here: semperis.com/blog/exploitin… 🙃
Remember the CredMarshalInfo trick? If you hadn’t applied the June 2025 patch, CVE-2025-33073 would have been critical. We know that in NTLM local auth, msg 3 is empty: You can drop sign/seal -> from Domain User to DomainAdmin escalation. 😅
my simple poc: github.com/decoder-it/pri…
Coercing machine authentication on Windows 11 /2025 using the MS-PRN/PrinterBug DCERPC edition, since named pipes are no longer used. Kerberos fails in this case due to a bad SPN from the spooler, forcing NTLM fallback.
Better socket handle visibility coming soon to @SystemInformer 🔥 When viewing a process handle table, SI will recognize files under \Device\Afd and retrieve information about their state, protocol, addresses, and more. Also works on Bluetooth and Hyper-V sockets 🤩
Apply here → sentinelone.com/jobs/?gh_jid=6… Happy to chat if you want to learn more.
The role is opened in multiple locations in Europe (we’re hiring across Italy, Spain, Poland, Czech Republic, Slovakia and France), with optional relocation support to Czechia if you'd prefer to move (must be eligible to work in the EU already at the time of applying).
I’m hiring Staff Windows Security Researchers to join my XAT (eXploits and Anti-Tampering) team at @SentinelOne! 🔥 👉 sentinelone.com/jobs/?gh_jid=6… More details 👇
Another Monday. Another week of… endless emails, annoying meetings, and oh look, a three-headed monkey behind you! Now that we have your attention, we can unveil the agenda for #RomHack2025 romhack.io/romhack-confer… #infosec #securityconference
I just published a blog post where I try to explain and demystify Kerberos relay attacks. I hope it’s a good and comprehensive starting point for anyone looking to learn more about this topic. ➡️ decoder.cloud/2025/04/24/fro…
Microsoft has discovered post-compromise exploitation of CVE 2025-29824, a zero-day elevation of privilege vulnerability in Windows Common Log File System (CLFS), against a small number of targets. msft.it/6019qIVV9
NTLM relay is still a major threat and is now even easier to abuse. We just added new NTLM relay edges to BloodHound to help defenders fix and attackers think in graphs. Read my detailed post - the most comprehensive guide on NTLM relay & the new edges: ghst.ly/4lv3E31
We (me + @2igosha) have discovered a new Google Chrome 0-day that is being used in targeted attacks to deliver sophisticated spyware 🔥🔥🔥. It was just fixed as CVE-2025-2783 and we are revealing the first details about it and “Operation ForumTroll” securelist.com/operation-foru…
Check out our new blog post!
🍎🚨🕵️♂️ The notoriously elusive macOS malware, ReaderUpdate, is back — stealthier than ever. @philofishal and @syrion89 uncover how ReaderUpdate Reforged blends Go, Crystal, Nim, and Rust into a potent mix. 📄 This new research from SentinelOne exposes how these new variants are
vx-underground @vxunderground
436K Followers 356 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
Florian Roth ⚡️ @cyb3rops
220K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
Justin Elze @HackingLZ
70K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
chompie @chompie1337
88K Followers 1K Following hacker, exploit developer/weird machine mechanic head of X-Force Offensive Research (XOR) @IBM
Grzegorz Tworek @0gtweet
38K Followers 2K Following My own research, unless stated otherwise. Not necessarily "safe when taken as directed". GIT d- s+: a+ C++++ !U !L !M w++++$ b++++ G-
Adam Chester 🏴... @_xpn_
38K Followers 538 Following Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOlmau2 | Insta at https://t.co/PqR6CZQ48T
Oliver Lyak @ly4k_
9K Followers 267 Following Yet another security researcher 🔦 Github: https://t.co/7WFOFz17KI
mgeeky | Mariusz Bana... @mariuszbit
14K Followers 950 Following 🔴 Offensive Security Developer @ Outflank, Red Team operator, ex-AV dev, ex- malware researcher 🫖 Green tea lover
sn🥶vvcr💥sh @snovvcrash
12K Followers 495 Following Sr. Penetration Tester / Red Team Operator @ptswarm :: Author of the Pentester’s Promiscuous Notebook :: He/him :: Tweets’re my pwn 🐣
Andrea P @decoder_it
9K Followers 320 Following Security Consultant @semperistech . Independent Security Researcher. Cyclist & Scubadiver. MSRC MVR 2022. "So di non sapere"
an0n @an0n_r0
14K Followers 732 Following CRT(E|O|L) | OSCP | @RingZer0_CTF 1st (for 2yrs) | HackTheBox Top10 | RPISEC MBE | Flare-On completer | GoogleCTF writeup winner | SSD research | Math MSc |🇭🇺
Josh @passthehashbrwn
10K Followers 297 Following Adversarial Simulation at IBM, tweets are mine etc.
Charlie Bromberg « ... @_nwodtuhs
16K Followers 660 Following Trying to hack the way we hack things 🏴☠️
Filip Dragovic @filip_dragovic
7K Followers 1K Following My research unless stated otherwise. My opinions are my own and do not represent the views of my employer. Red Team @MDSecLabs
Will Dormann is on Ma... @wdormann
26K Followers 1K Following I play with vulnerabilities and exploits. I used to be here on Twitter but now I'm here: @[email protected] https://t.co/hXggdAVkSQ
Yarden Shafir @yarden_shafir
25K Followers 318 Following A circus artist with a visual studio license
n00py @n00py1
14K Followers 966 Following Retweeter of InfoSec/Offsec/Pentest/Red Team. Occasional blogger/Independent security research.
Marko Mladenovic @marko_bugdigger
1 Followers 214 Following Software Engineering; Reverse Engineering; Game Security; AI; Windows OS Internals
DFX @DFXthegrey
4 Followers 177 Following
m4c130d @m4c130d_
1 Followers 63 Following
Cyber Sentinel @Sentinel_gu
0 Followers 4 Following
Guihack @Guihackap
2 Followers 65 Following
rb3nzr @rb3nzr
0 Followers 57 Following
bl4ck4rch @bl4ckarch
161 Followers 420 Following Pentester at @orangecyberdef | CTF enthusiast | @hackthebox MVP 2025
Alex @AlexLauralex
42 Followers 701 Following Programming, Hacking, Penetration Test, Software Engineering, Game Development...
bugsploiterr @systempwn3d
19 Followers 2K Following
MAk @BugBountyBeast
6 Followers 1K Following
Arun Kumar N @ArunKumarN26133
2 Followers 95 Following
Kevin @Kevin71201026
0 Followers 144 Following
poce @Pocee_
68 Followers 344 Following moi 🔨🥓 ௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌௌ
Zumpyx @zumpyx
0 Followers 76 Following
Markus Walschburger @mwalschburger
75 Followers 783 Following Cloud Solutions Architect (PFE) @Gk exMSFT Responsible for Cloud & on-premises Cybersecurity. Dealing with M365D, Sentinel, MDC, ESAE, PAW & Zero Trust - AD
0xDbg @0x_dbg
8 Followers 826 Following
Dang Hung @hungdv80
62 Followers 2K Following
Renzo Rodriguez @RenzoOracle
45 Followers 2K Following
Willi Allen @WilliAllenatde
11 Followers 242 Following
Rahim @hizawye
104 Followers 3K Following
Ghost Byte @PickettTon18807
7 Followers 1K Following
twis @Twis65640Twis
2 Followers 524 Following
Albechino_ @Albechino
0 Followers 92 Following
Rodrigo Rios @Rodrigofrj
49 Followers 2K Following O sábio nunca diz tudo o que pensa, mas pensa sempre tudo o que diz. Aristóteles.
Preslav @Preslav2003
4 Followers 365 Following
peterpan @netdivers
188 Followers 1K Following
Wi @VAC4
1 Followers 458 Following
曼珠沙华 @lurenjiayibing1
14 Followers 1K Following Revelers,爆料者,여물 을 터 뜨 린 다,Détonateur,爆料者,OffenbarerName,Попкорн ,暴露者,just want to say the true,but as a human,i have the shortcoming too。
hackerswat @hakerswat
0 Followers 6 Following
GiovanniCammarano @GCammarano21979
0 Followers 45 Following
Wodachs Spam @wodachs35339
0 Followers 18 Following
Adamok666 @_Adamok666
0 Followers 48 Following
2B @2B9975657120850
19 Followers 2K Following
Pilottux @Pilottux
4 Followers 135 Following
ko ko @kokoasdxz
0 Followers 54 Following
Medio Utente @utentebasico
2 Followers 81 Following
Tobi @_tigerwalking
327 Followers 896 Following
Giovanni Patruno @Gio_Patruno
17 Followers 105 Following
z0ar @z0arxor
0 Followers 70 Following
Scanner @scanner_4
5 Followers 932 Following
Ian @iangregsondev
38 Followers 2K Following
x86matthew @x86matthew
23K Followers 204 Following system emulation / reverse-engineering / binary analysis. @the_secret_club
Dirk-jan @_dirkjan
30K Followers 205 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
Dr. Nestori Syynimaa @DrAzureAD
21K Followers 2K Following Principal Identity Security Researcher at Microsoft. Ex-Secureworks. (MSc, MEng, PhD, CITP, CCSK). And yes, opinions are my own ;)
Marcello @byt3bl33d3r
30K Followers 817 Following CyBeRsEcUrItY | Not afraid to put down with some THICC malware on disk | AI Research @PaloAltoNtwks | former purple team | Ex @spacex
Ács Dávid @acsdavid97
35 Followers 396 Following Computer Science student, interested in all things Red & Blue team.
Koby Kahane @kobyk
122 Followers 263 Following
Josh Stroschein | The... @jstrosch
12K Followers 1K Following Reverse engineer and content creater | 😱 1M+ views on YT | 🎙️ Host of Behind the Binary podcast 👇
Luigi Martire @luigi_martire94
724 Followers 556 Following Malware Analyst, Threat Researcher, Cyber Security Addicted. Opinions are my own.
Polymarket @Polymarket
1.6M Followers 6K Following The World's Largest Prediction Market. Trade politics, news, crypto, culture, sports, tech, & more. Discord: https://t.co/tzKrbDfF3x
Clement Rouault @hakril
1K Followers 532 Following Python (ab)user / Security / Windows internals / @ExaTrack
mr.d0x @mrd0x
45K Followers 299 Following Security researcher | Co-founder https://t.co/QxBlzp9A8w | https://t.co/zqMXQRZjQN | https://t.co/Fq7WSqTBva | https://t.co/eKezFcO6nd
Johnathan Norman @spoofyroot
4K Followers 333 Following Security research and engineering lead at @microsoft. on mastodon: https://t.co/YfJkktByFv and @spoofy.bsky.social not posting here anymore.
SinSinology @SinSinology
13K Followers 735 Following Pwn2Own 20{22,23,24*2,25*3,26*2}, i look for 0-Days but i find N-Days & i chase oranges 🍊
Raffaele Sabato @syrion89
590 Followers 651 Following macOS Detection Engineer at @SentinelOne. Offensive Security, Malware, Reverse Engineering and Apple Security. Opinions are my own. @syrion89.bsky.social
Justin Ibarra @br0k3ns0und
2K Followers 972 Following detection engineering | security research | agent shepherding | meta-engineering | @sentinelone, former @elastic/@elasticseclabs @endgameinc etc.
Nick Powers @zyn3rgy
2K Followers 255 Following Adversary Simulation @SpecterOps | Previously @Rapid7 & @Protiviti
sixtyvividtails @sixtyvividtails
4K Followers 401 Following Currently working as an independent GUID merchant. Fully licensed. I acquire, produce, and sell high-quality GUIDs.
Panos Gkatziroulis ... @ipurple
27K Followers 826 Following Red/Purple Teamer | Blogger | Ex-Director @pentestlabltd | Mod @ https://t.co/1nzjl9KpSH | https://t.co/mIM1GA1mN4
Vaclav Kotyk @vaclavkotyk
194 Followers 1K Following 🕵🏼♂️🌐Tech communities & Cyber talent sourcing by day 👨🏼💻Returning to my geek roots by night 📚🏌🏼♂️🏞️🥃☕📈🎮🎲 In my free time | Opinions are my own
Alice Climent @AliceCliment
3K Followers 280 Following Malware and EDR stuff @harfanglab 🤓 || PTC || Sister of @h313n_0f_t0r & @lauriewired
crazy hugsy @_hugsy_
4K Followers 940 Following == ReadOnly account == OffSec dev • exploit dev • kernel • hypervisor GH: hugsy Discord: hugsy#0766 BS: @blah.cat MS: [email protected]
Andrew Thompson @ImposeCost
41K Followers 2K Following Head of Global Signals Operations @Google Threat Intelligence Group via @Mandiant acquisition. Posts are attributable to me—not my employer. Former @USMC.
Dennis @DennisF
6K Followers 1K Following ΣΧ, co-founder of @DecipherSec. New novel BE GONE available NOW: https://t.co/bVFJcL9PdF. Worst-selling author. Friend of hackers. @duosec forever.
Securityblog @Securityblog
12K Followers 14K Following There are 10 types of people in the world. Those who understand binary, and those who don't. All opinions and views are my own. #BsidesDub organizer
Bruce Dang @brucedang
5K Followers 1K Following Sweeping the floor at https://t.co/CM8ErzxC5z (we are hiring). Previously at Microsoft/Veramine/Apple. author of Practical Reverse Engineering.
🤷♂️ @floesen_
2K Followers 98 Following
Brent Murphy @brent_murphy
837 Followers 687 Following detection engineering @sentinelone | former @todylsecurity @elastic @endgameinc | oscp | cissp | news @blueteamsec1
Satoshi Tanda @standa_t
8K Followers 397 Following Software security engineer and trainer https://t.co/tenaquooTc
Worawit Wang @sleepya_
2K Followers 39 Following
Michele Campa @s1ckb017
1K Followers 459 Following VR at @XI_Research - my opinions are my own and do not represent the views of my employer
eversinc33 🤍🔪... @eversinc33
7K Followers 1K Following reversing/deobfuscation/drivers @ https://t.co/64HAro8Scw
Security BSides Pragu... @bsidesprg
595 Followers 226 Following Annual community-driven information security conference
Kyle Avery @kyleavery
4K Followers 598 Following
Boris Larin @oct0xor
19K Followers 705 Following Former console hacker (PS3/PS4). Hunting in the wild 0-days at Kaspersky GReAT. All tweets are my own.
Cedric Van Bockhaven @c3c
980 Followers 355 Following
Alon Leviev @alon_leviev
1K Followers 199 Following Senior Vulnerability Researcher at @Microsoft | Brazilian Jiu Jitsu athlete turned cyber security researcher
Tim McGuffin @NotMedic
6K Followers 2K Following Back to Red Teaming. Risk Hunter. DEFCON Staff & CFP Board. MS in DF. Fmr Fire/EMS. Red and Blue. Builder. Morally Flexible. https://t.co/zakkIXeyHu @ bluesky
System Informer @SystemInformer
718 Followers 1 Following A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions
Vulnlab @vulnlab_eu
6K Followers 1K Following Labs & Training by @xct_de | You are welcome to join the community @ https://t.co/p5R9zGJYHw Vulnlab is now part of Hack The Box.
Jared Atkinson @jaredcatkinson
10K Followers 2K Following | CTO @specterops | Host @dcpthepodcast | Ex PowerShell MVP | USAF Vet | FC Bayern Supporter | Language Learner 🇳🇴 🇮🇹 🇧🇷 |